[Mailman-Users] ARC

Jordan Brown mailman at jordan.maileater.net
Wed Jul 25 13:04:23 EDT 2018


On 7/25/2018 2:53 AM, Stephen J. Turnbull wrote:
> Note that if I were intuit.com's CISO, I would fight tooth and nail
> against the system you suggest, because it implies that I have DKIM
> private keys for all those subdomains owned by clients.  Every spammer
> in the world would be trying to hack the server that has those keys.
> I could probably keep them out, but Lordy, the liability involved!

Well, yeah, but to provide such a service in a way that has any
resemblance to being secure, Intuit *must* have some secret that allows
it to send mail "from" those subdomains.  If Intuit doesn't need such a
secret, then anybody could send mail like that.

The price of the privilege of sending mail on behalf of your clients is
that you must protect that ability so that villains cannot hijack it.


